Federal government accuses four Russians of attacks in the energy sector


Critical infrastructure security

The men allegedly targeted utilities, nuclear power plants, oil and gas companies

Devon Warren-Kachelein (devawarren)
March 24, 2022

The four alleged Russian nation-state actors accused of launching global energy hacking campaigns. (Source: fbi.gov)

The US Department of Justice unveiled two indictments on Thursday charging four government-linked Russian nationals with hacking crimes against the US energy sector between 2012 and 2018.


The four men were placed on the FBI Most Wanted List as the federal government continues to warn American organizations to strengthen their defenses against attacks by Russian nation-state actors amid the Russian-Ukrainian conflict.

“Russian state-sponsored hackers pose a serious and persistent threat to critical infrastructure in the United States and around the world,” DOJ Deputy Attorney General Lisa O. Monaco said in a statement. Monaco added that the documents were unsealed to warn US companies to keep strengthening their defenses against attack.

The four Russian men charged by US prosecutors for global attacks on the energy sector. (Source: fbi.gov)

According to the statement, the attacks affected thousands of computers and hundreds of organizations around the world. The hacking campaigns were carried out in around 135 countries.

Also on Thursday, the DOJ announced another indictment charging three alleged Russian actors with operating a darknet market that sold stolen credentials and with engaging in other illicit activities (see: US accuses Russia of being behind popular card market).

Schneider Electric Hack

One indictment, handed down by a federal grand jury in June 2021, accuses Yevgeny Viktorovich Gladkikh, 36, a researcher at the Russian Defense Ministry, of playing a leading role in disrupting refineries.

Gladkikh, a computer programmer with the Russian Defense Ministry, allegedly conspired with others to carry out a series of cyberattacks against foreign refineries between May and September 2017, according to the indictment. He also allegedly installed malware called Triton on a safety system made by Schneider Electric, a solar and electric power company based in France.

The Triton malware, also known as TRISIS, was created in a Russian-backed research lab and was intended to damage industrial systems, according to the US Treasury.

Gladkikh is charged with three counts of conspiracy, including attempting and causing damage to an energy company, and accessing and damaging protected computers. He faces up to 45 years in prison.

“Energetic Bear” Charges

A separate indictment issued by a federal grand jury in August 2021 accuses three Russian FSB and military officials of consistently attacking energy companies, including oil and gas companies, nuclear power plants and public services.

The three men are Pavel Aleksandrovich Akulov, 36; Mikhail Mikhailovich Gavrilov, 42; and Marat Valeryevich Tyukov, 39. The three men worked on behalf of the Russian Federation at a military unit known as Center 16, prosecutors said.

Security analysts have given Center 16 several names, including Energetic Bear, Berserk Bear and Dragonfly. The trio allegedly targeted software used in power plants, according to court documents.

“Specifically, the conspirators targeted software and hardware that control power-generating facility equipment, known as ICS or Supervisory Control and Data Acquisition (SCADA) systems,” said the DOJ. “Access to such systems would have provided the Russian government with the ability, among other things, to disrupt and damage such computer systems at a future time of its choosing.”

The alleged attacks took place in two phases against the energy sector’s supply chain between 2012 and 2017, according to the DOJ. The first phase of the malicious campaign involved installing a remote access Trojan known as “Havex”, which the group delivered using tactics such as spear phishing and other attack maneuvers to compromise unsuspecting supplier networks. The second phase, which the DOJ calls “Dragonfly 2.0”, evolved into a campaign directly targeting employees of energy organizations and government agencies.

The DOJ statement said the group targeted numerous victims, including the Kansas Electric Power Cooperative and its subsidiary Wolf Creek, a power plant that supplies power to Kansas and Missouri.

The individuals could face between 25 and 42 years in prison if convicted. The United States and Russia, however, do not have an extradition treaty. This means that as long as the defendants remain in Russia, there is little chance that they will ever be tried in the United States.

To protect against cyberattacks carried out by Russian nation-state actors, the DOJ reiterates the steps outlined in the Cybersecurity and Infrastructure Security Agency’s ‘Shields Up’ campaign.
